]>
Commit | Line | Data |
---|---|---|
9b7ba1db AA |
1 | package PVE::Storage::CephTools; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use Net::IP; | |
6 | use PVE::Tools qw(run_command); | |
7 | ||
e34ce144 AA |
8 | my $parse_ceph_file = sub { |
9 | my ($filename) = @_; | |
10 | ||
11 | my $cfg = {}; | |
12 | ||
13 | return $cfg if ! -f $filename; | |
14 | ||
15 | my $content = PVE::Tools::file_get_contents($filename); | |
16 | my @lines = split /\n/, $content; | |
17 | ||
18 | my $section; | |
19 | ||
20 | foreach my $line (@lines) { | |
21 | $line =~ s/[;#].*$//; | |
22 | $line =~ s/^\s+//; | |
23 | $line =~ s/\s+$//; | |
24 | next if !$line; | |
25 | ||
26 | $section = $1 if $line =~ m/^\[(\S+)\]$/; | |
27 | if (!$section) { | |
28 | warn "no section - skip: $line\n"; | |
29 | next; | |
30 | } | |
31 | ||
32 | if ($line =~ m/^(.*?\S)\s*=\s*(\S.*)$/) { | |
33 | $cfg->{$section}->{$1} = $2; | |
34 | } | |
35 | ||
36 | } | |
37 | ||
38 | return $cfg; | |
39 | }; | |
40 | ||
41 | my $ceph_get_key = sub { | |
42 | my ($keyfile, $username) = @_; | |
43 | ||
44 | my $key = $parse_ceph_file->($keyfile); | |
45 | my $secret = $key->{"client.$username"}->{key}; | |
46 | ||
47 | return $secret; | |
48 | }; | |
49 | ||
50 | sub get_monaddr_list { | |
51 | my ($configfile) = shift; | |
52 | ||
53 | my $server; | |
54 | ||
55 | if (!defined($configfile)) { | |
56 | warn "No ceph config specified\n"; | |
57 | return; | |
58 | } | |
59 | ||
60 | my $config = $parse_ceph_file->($configfile); | |
61 | @$server = sort map { $config->{$_}->{'mon addr'} } grep {/mon/} %{$config}; | |
62 | ||
63 | return join(',', @$server); | |
64 | }; | |
65 | ||
9b7ba1db AA |
66 | sub hostlist { |
67 | my ($list_text, $separator) = @_; | |
68 | ||
69 | my @monhostlist = PVE::Tools::split_list($list_text); | |
70 | return join($separator, map { | |
71 | my ($host, $port) = PVE::Tools::parse_host_and_port($_); | |
72 | $port = defined($port) ? ":$port" : ''; | |
73 | $host = "[$host]" if Net::IP::ip_is_ipv6($host); | |
74 | "${host}${port}" | |
75 | } @monhostlist); | |
76 | } | |
77 | ||
5527c824 TL |
78 | my $ceph_check_keyfile = sub { |
79 | my ($filename, $type) = @_; | |
80 | ||
81 | return if ! -f $filename; | |
82 | ||
83 | my $content = PVE::Tools::file_get_contents($filename); | |
84 | eval { | |
85 | die if !$content; | |
86 | ||
87 | if ($type eq 'rbd') { | |
88 | die if $content !~ /\s*\[\S+\]\s*key\s*=\s*\S+==\s*$/m; | |
89 | } elsif ($type eq 'cephfs') { | |
90 | die if $content !~ /\S+==\s*$/; | |
91 | } | |
92 | }; | |
93 | die "Not a proper $type authentication file: $filename\n" if $@; | |
94 | ||
95 | return undef; | |
96 | }; | |
97 | ||
9b7ba1db AA |
98 | sub ceph_connect_option { |
99 | my ($scfg, $storeid, %options) = @_; | |
100 | ||
101 | my $cmd_option = {}; | |
102 | my $ceph_storeid_conf = "/etc/pve/priv/ceph/${storeid}.conf"; | |
103 | my $pveceph_config = '/etc/pve/ceph.conf'; | |
104 | my $keyfile = "/etc/pve/priv/ceph/${storeid}.keyring"; | |
105 | $keyfile = "/etc/pve/priv/ceph/${storeid}.secret" if ($scfg->{type} eq 'cephfs'); | |
106 | my $pveceph_managed = !defined($scfg->{monhost}); | |
107 | ||
108 | $cmd_option->{ceph_conf} = $pveceph_config if $pveceph_managed; | |
109 | ||
5527c824 | 110 | $ceph_check_keyfile->($keyfile, $scfg->{type}); |
3e479172 | 111 | |
9b7ba1db AA |
112 | if (-e $ceph_storeid_conf) { |
113 | if ($pveceph_managed) { | |
114 | warn "ignoring custom ceph config for storage '$storeid', 'monhost' is not set (assuming pveceph managed cluster)!\n"; | |
115 | } else { | |
116 | $cmd_option->{ceph_conf} = $ceph_storeid_conf; | |
117 | } | |
118 | } | |
119 | ||
120 | $cmd_option->{keyring} = $keyfile if (-e $keyfile); | |
121 | $cmd_option->{auth_supported} = (defined $cmd_option->{keyring}) ? 'cephx' : 'none'; | |
122 | $cmd_option->{userid} = $scfg->{username} ? $scfg->{username} : 'admin'; | |
123 | $cmd_option->{mon_host} = hostlist($scfg->{monhost}, ',') if (defined($scfg->{monhost})); | |
124 | ||
125 | if (%options) { | |
126 | foreach my $k (keys %options) { | |
127 | $cmd_option->{$k} = $options{$k}; | |
128 | } | |
129 | } | |
130 | ||
131 | return $cmd_option; | |
132 | ||
133 | } | |
134 | ||
e34ce144 AA |
135 | sub ceph_create_keyfile { |
136 | my ($type, $storeid) = @_; | |
137 | ||
138 | my $extension = 'keyring'; | |
139 | $extension = 'secret' if ($type eq 'cephfs'); | |
140 | ||
141 | my $ceph_admin_keyring = '/etc/pve/priv/ceph.client.admin.keyring'; | |
142 | my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension"; | |
143 | ||
144 | die "ceph authx keyring file for storage '$storeid' already exists!\n" | |
145 | if -e $ceph_storage_keyring; | |
146 | ||
147 | if (-e $ceph_admin_keyring) { | |
148 | eval { | |
149 | if ($type eq 'rbd') { | |
150 | mkdir '/etc/pve/priv/ceph'; | |
151 | PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring); | |
152 | } elsif ($type eq 'cephfs') { | |
153 | my $secret = $ceph_get_key->($ceph_admin_keyring, 'admin'); | |
154 | mkdir '/etc/pve/priv/ceph'; | |
155 | PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400); | |
156 | } | |
157 | }; | |
158 | if (my $err = $@) { | |
159 | unlink $ceph_storage_keyring; | |
160 | die "failed to copy ceph authx $extension for storage '$storeid': $err\n"; | |
161 | } | |
162 | } else { | |
163 | warn "$ceph_admin_keyring not found, authentication is disabled.\n"; | |
164 | } | |
165 | } | |
166 | ||
167 | sub ceph_remove_keyfile { | |
168 | my ($type, $storeid) = @_; | |
169 | ||
170 | my $extension = 'keyring'; | |
171 | $extension = 'secret' if ($type eq 'cephfs'); | |
172 | my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension"; | |
173 | ||
174 | if (-f $ceph_storage_keyring) { | |
175 | unlink($ceph_storage_keyring) or warn "removing keyring of storage failed: $!\n"; | |
176 | } | |
177 | } | |
178 | ||
9b7ba1db | 179 | 1; |